Introduction


As you move modern applications from development to production, it often makes sense to have 
multiple fit-for-purpose Kubernetes clusters to support CI/CD of DevOps pipelines. This cluster 
sprawl continues as you add new clusters configured for specific purposes, such as edge 
deployments, faster response time, reduced latency, reduced capital expenditures (CapEx), and 
compliance with data residency requirements. 


Whether your organization is just getting started with a single cluster or already operating in a
multicluster environment, you likely face some difficult decisions, such as:

> How can you manage the life cycle of multiple clusters regardless of where they
  reside—on-premise or across public cloud environments, using a single control plane?
> How do you get a simplified understanding of your cluster health and the effect it may have on
  your application availability?
> How do you automate provisioning and deprovisioning of your clusters?
> How do you ensure that all of your clusters are compliant with standard and custom policies?
> How do you get alerted about configuration drift and remediate it?
> How can you automate the placement of workloads based on capacity and policy?

Key benefits

> Accelerate application development with self-service provisioning.
> Free IT teams from manual provisioning with self-service cluster deployment that automatically
  delivers applications.
> Increase application availability with the ability to deploy legacy and cloud-native
  applications quickly across distributed clusters.
> Enhance security compliance with centralized policy enforcement across clusters.
> Reduce operational costs with a unified management interface.

Red Hat Advanced Cluster Management for Kubernetes

Red Hat® Advanced Cluster Management for Kubernetes offers end-to-end management, visibility,
and control of your cluster and application life cycle, along with improved security and compliance of
your entire Kubernetes domain—across multiple datacenters and public cloud environments.

Red Hat OpenShift® is the clear choice for container orchestration, offering a platform for deploying
and managing containers in a standard, consistent control plane. Red Hat OpenShift and Red Hat
Advanced Cluster Management provide the hybrid cloud management platform and capabilities that
address common challenges faced by administrators and site reliability engineers (SREs) as they
work across a range of environments such as multiple datacenters and private and public cloud
environments that run Kubernetes clusters, including your remote edge sites. Certain industries, such
as public sector environments, require strict compliance and U.S. Federal Information Processing
Standards (FIPS) mode support, which Red Hat Advanced Cluster Management provides.

Red Hat Advanced Cluster Management lets you manage your Kubernetes clusters from one
place. Provision new Red Hat OpenShift clusters across Amazon Web Services (AWS), Microsoft
Azure, Google Cloud Platform (GCP), Microsoft Azure Government (MAG), bare metal, Red Hat
OpenStack® Platform, Red Hat Virtualization, and VMware vSphere. In addition, existing Red Hat
OpenShift clusters can be imported and managed, such as Red Hat OpenShift on IBM Cloud,
Microsoft Azure Red Hat OpenShift, Red Hat OpenShift Dedicated, Red Hat OpenShift on Red Hat
OpenStack Platform, OpenShift on IBM Z, OpenShift on IBM Power, Red Hat OpenShift on Amazon,
and OpenShift on Arm architecture.

Red Hat Advanced Cluster Management can also import and manage your existing public cloud
Kubernetes clusters such as Amazon Elastic Kubernetes Service (Amazon EKS), IBM Cloud 
Kubernetes Service (IKS), Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE). 
Red Hat Advanced Cluster Management is FIPS-ready. 


Features and benefits 
Multicluster observability for fleet health and optimization 


Deliver an enhanced SRE experience with out-of-the-box multicluster dashboards that can store 
long-term historical data and provide an overview of fleet health and optimization. 


Table 1. Features and benefits of multicluster observability 


Feature: Fleet health monitoring
Benefit: Sort, filter, and scan individual clusters, as well as aggregated
multiclusters with Grafana. Use the open source Thanos project
for scalable metrics collection with long-term data retention. Get
OpenShift cluster health metrics and non-OpenShift clusters such
as EKS, GKE, AKS, IKS in the Grafana dashboard.

Feature: Customized metrics and dashboards
Benefit: Customize Grafana dashboards based on metrics you define and
predefined metrics. Define service-level objectives (SLOs) on a
cluster or the platform services and measure the performance
against them.

Feature: Dynamic search
Benefit: Use the graphical console to identify, isolate, and resolve issues
affecting distributed workloads.

Feature: Analytics through Red Hat Insights for Red Hat OpenShift
Benefit: Gain intelligence on cluster health for your entire managed fleet and
take proactive steps and remediation actions as needed based on
the analytics provided by Red Hat OpenShift-based telemetry and
Red Hat expertise.

Feature: Automatic alert forwarding from managed clusters to Red Hat Advanced Cluster
Management hub
Benefit: Respond and troubleshoot more easily by getting centralized alerts
of cluster health metrics and all your policy violations into your
third-party tools such as Slack and PagerDuty.


Unified multicluster life cycle management 


Create, upgrade, and destroy Kubernetes clusters reliably, consistently, and at scale, using an open
source programming model that supports and encourages infrastructure as code (IaC) best
practices and design principles.

Table 2. Features and benefits of unified multicluster life cycle management


Feature: Cluster life cycle management
Benefit: Gain Day 1 experience with cluster life cycle management using
the open source Hive application programming interface (API).
Create and upgrade new Red Hat OpenShift Container Platform
clusters, or import existing OpenShift Container Platform and
managed Kubernetes clusters, using Red Hat Advanced Cluster
Management console.

Feature: Cloud providers supported
Benefit: Red Hat Advanced Cluster Management supports the creation of
OpenShift Container Platform clusters on AWS, Microsoft Azure,
Google Cloud Platform (GCP), Microsoft Azure Government, bare
metal, Red Hat OpenStack Platform, Red Hat Virtualization, and
VMware vSphere.

Feature: Enhanced cluster life cycle management (tech preview)
Benefit: Take advantage of features such as worker pool scaling with
autoscale configuration, cluster hibernate, and resume via cluster
pools to help deploy clusters quickly and cluster sets to more easily
define access controls to a group of clusters.

Feature: Red Hat Ansible® Automation Platform integration
Benefit: Automate your Day 0 operations such as configuring cloud defined
storage, infrastructure prerequisites, and static IP addresses.
After cluster creation, automate Day 1 operations such as updating
network components like firewalls and load balancers to enable
flexible configuration changes, scaling, etc., using Ansible
Automation Platform integration with Red Hat Advanced Cluster
Management.

Feature: Multicluster networking with Submariner
Benefit: Get rich multicluster networking capabilities with Submariner for
application components deployed across multiple clusters. Reduce
the complexity of deploying application components and networking
requirements across clusters.

Feature: Hosted control planes (TP)
Benefit: Host and provision containerized OpenShift control planes at scale,
which solves for cost, footprint, time to provision, and portability
across cloud environments with strong separation of concerns
between management and workloads.

Feature: Central infrastructure management (CIM) for bare-metal deployments
Benefit: Use a self-service model that allows infrastructure owners to
provide developers access to bare-metal infrastructure resources to
provision OpenShift clusters.

Feature: Manage Red Hat Advanced Cluster Management clusters from Ansible
Automation Platform (Dev Preview)
Benefit: More easily access ACM functionality, such as cluster creation,
directly from Ansible Automation Platform using the Ansible
collections.

Policy-based governance, risk, and compliance


Apply a policy-based governance approach to automatically monitor and ensure desired best
practices configuration state for controls related to security, resiliency, and software engineering so that
these controls are operated to industry compliance standards or self-imposed corporate standards.


Table 3. Features and benefits of policy-based governance, risk, and compliance 


Feature: Out-of-the-box policy templates for security, resiliency, and configuration
management
Benefit: Use prebuilt policy templates to enforce policy on Kubernetes
configuration (e.g., etcd encryption), identity and access
management (IAM), certificate management, and deploy and
configure operators such as Compliance Operator, Gatekeeper/
Open Policy Agent (OPA), and Container Security Operator across
your clusters. Implement policy-based governance via GitOps to
meet internal and external standards using the open source policy
collection repository.

Feature: Governance and risk dashboard
Benefit: Use the governance and risk dashboard to view and manage security
risks and policy violations in all of your clusters and applications.
Get details on violation history. Drill down into violation details by
centrally accessing details from managed clusters from the Red Hat
Advanced Cluster Management hub.

Feature: Customized policy violation views
Benefit: Customize policies for various compliance standards, governance
dashboard views, and views for most-affected controls for specific
standards.

Feature: Open source extensible policy framework and policy collection repository
Benefit: Develop custom policy controllers and policies and integrate
them for centralized management into the governance and risk
dashboard. Take advantage of the collaborative upstream policy
contributions, using the policy collection repository.

Feature: Integration with Gatekeeper and Open Policy Agent (OPA)
Benefit: Get a fully supported Gatekeeper and OPA operator that supports
deployment of the Gatekeeper operator to your fleet using
compliance policy. Initiate Gatekeeper controls across your fleet
to enforce various OPA policies. Centrally view and drill down into
violations for all your Gatekeeper and OPA policies.

Feature: Integration with Kyverno
Benefit: Get enhanced admission control capabilities and mutating
capabilities. Generate and validate Kubernetes resources with the
Kyverno integration.

Feature: Integration with OpenShift Compliance Operator
Benefit: Deploy OpenShift Compliance Operator at scale across your fleet,
using Red Hat Advanced Cluster Management to enforce various
security profiles for compliance standards such as the E8 Essential
scan. Centrally view and drill down into violations for all of these
security profiles.

Feature: Ansible Automation Platform integration
Benefit: Use Ansible Automation Platform integration with Red Hat
Advanced Cluster Management to automate remediation of
noncompliant conditions and gather audit information about the
clusters for analysis to promote proactive measures against policy
violations detected by Red Hat Advanced Cluster Management.

Feature: Deploy Red Hat Advanced Cluster Security (StackRox) Central via governance,
risk, and compliance (GRC) policy (tech preview)
Benefit: Get a consolidated experience by using Red Hat Advanced Cluster
Management console to deploy Red Hat Advanced Cluster Security
(StackRox) Central server consistently across clusters by creating a
single policy through a user-friendly interface.

Feature: Policy generator
Benefit: Allow policies to be auto-generated and deployed via GitOps from
existing Kubernetes configuration and Gatekeeper and Kyverno
policies.

Feature: Stronger security and edge scalability using templatized policies
Benefit: Get stronger security with Gatekeeper Mutating Webhooks, which
implement controls around updating nonconformant resources and
can be coupled with policy templating for additional encryption with
secrets management integration.

Feature: More efficient policy management through PolicySets
Benefit: Group policies for specific purposes (e.g., OpenShiftPlus
deployment, ACM Hardening, managed cluster-hardening, grouping
Gatekeeper policies, PCIStoreFront, HIPAA backend, etc.). This
ensures an enhanced user-friendly experience of organizing,
managing, and enforcing policies or policy sets for clusters at scale.
Pre-configured PolicySets are available via GitOps as a starting
point to use this feature.

Feature: Integrity of policies
Benefit: Enable integrity for policies by signing them with Sigstore integration.


Advanced application life cycle management 


Use open standards and deploy applications using placement rules that are integrated into existing
CI/CD pipelines and governance controls.

Table 4. Features and benefits of advanced application life cycle management


Feature: Application topology view
Benefit: Quickly view the health of service endpoints and pods associated
with your application topology with all the connected dependencies
like image versions, associated placement rules, Kubernetes
resources, and ConfigMaps.

Feature: Channels and subscriptions
Benefit: Automatically deploy applications to specific clusters by subscribing
to different workload (resource) channels such as GitHub, Helm
repository, and ObjectStore types.

Feature: Placement rules
Benefit: Rapidly deploy workloads across your fleet, or only to specific
clusters, on the basis of placement rule definitions and time windows
to control when and where your applications are being deployed.

Feature: Ansible Automation Platform integration
Benefit: Automate everything outside of Kubernetes with your application
deployments. For example, automate and configure networking,
databases, load balancers, and firewalls with Ansible Automation
Platform integration.

Feature: Application builder
Benefit: Intuitive application creation experience using a form-based input
with contextual help to guide you in defining your application
components without dealing directly with YAML.

Feature: Argo CD integration
Benefit: Use Red Hat Advanced Cluster Management to allow Argo CD
to automatically deliver content as clusters come online or get
imported. Red Hat Advanced Cluster Management policies work in
tandem with Argo CD to make sure compliance and configuration are
managed and maintained at scale for tighter CI/CD alignment. View
and troubleshoot applications deployed by Argo CD in the Advanced
Cluster Management application topology view. Create application
set objects for your clusters that are registered within Argo, directly
from Red Hat Advanced Cluster Management console.


Edge management at scale 


With single-node OpenShift clusters and Red Hat Advanced Cluster Management, continuously
scale while enabling availability in high-latency, low-bandwidth edge use cases.

Table 5. Features and benefits of edge management at scale


Feature: Enhanced scalability
Benefit: The number of single-node OpenShift clusters managed by a
single ACM hub is approaching 2,000. Additionally, the IPv6 dual
stack support simplifies the management of a scaled out edge
architecture. These features ensure scalability in low-bandwidth,
high-latency connections and disconnected sites.

Feature: Zero-touch provisioning
Benefit: Use Red Hat Advanced Cluster Management with Assisted Installer
on-premise for high-scale cluster deployment serving telco and
edge scenarios.

Feature: Single-node OpenShift management
Benefit: Get full management capabilities for your single-node OpenShift
clusters essential for your edge use cases.

Feature: Hub-side policy templating
Benefit: Reduce the number of policies for high-scale management scenarios
by allowing them to refer to data from resources on the hub.


Business continuity 


Use Red Hat Advanced Cluster Management along with the broader Red Hat portfolio to ensure the 
apps and stateful applications your business relies on are always up and running. 


Table 6. Features and benefits of business continuity 


Feature: Red Hat Advanced Cluster Management Hub backup and restore
Benefit: Back up your managed cluster configurations more securely and
restore them in a different hub cluster, using a backup solution
based on OpenShift API for Data Protection.

Feature: Red Hat OpenShift Data Foundation (formerly Red Hat OpenShift Container
Storage) for disaster recovery (DR) strategy (tech preview)
Benefit: Provide a robust multisite, multicluster disaster recovery strategy
for your stateful apps using OpenShift Data Foundation and
Red Hat Advanced Cluster Management. OpenShift Data
Foundation ensures your application data volumes and persistent
volumes (PVs) are consistently and frequently replicated.
DR operators that are set up with Red Hat Advanced Cluster
Management can automate the DR failover and failback processes.

Feature: PV replication using volSync (formerly Scribe) (tech preview)
Benefit: Ensure resilience for the stateful apps your business relies on by
providing a planned application migration strategy across your
clusters. You can also use volSync to create your own DR solution
when working with alternative vendors’ storage or heterogeneous
storage products.

Technical specifications
Hub cluster

> Operator-based installation
> Available on OperatorHub.io
> Requires Red Hat OpenShift Container Platform, 4.8.x and above

Managed clusters

> Full life cycle management: any version of Red Hat OpenShift Container Platform 4.8 and above:
  > Red Hat OpenShift on AWS, Microsoft Azure, Google Cloud Platform, Microsoft Azure
    Government, VMware vSphere, Red Hat OpenStack Platform, Red Hat Virtualization,
    and bare metal
> Import and manage:
  > Red Hat OpenShift Container Platform 3.11
  > Red Hat OpenShift on IBM Power
  > Red Hat OpenShift on IBM Z
  > Red Hat OpenShift on IBM Cloud
  > Red Hat OpenShift on Amazon
  > Microsoft Azure Red Hat OpenShift
  > Red Hat OpenShift Dedicated
  > Red Hat OpenShift on Arm
> Limited life cycle support for managed Kubernetes clusters:
  > Amazon Elastic Kubernetes Service (Amazon EKS)
  > Azure Kubernetes Service (AKS)
  > IBM Cloud Kubernetes Service (IKS)
  > Google Kubernetes Engine (GKE)
> Red Hat Advanced Cluster Management provides observability, application life cycle
  management, and policy-based management of imported clusters.
> Red Hat Advanced Cluster Management provides full cluster life cycle management (create,
  upgrade, destroy) with additional security compliance capability for Red Hat OpenShift Container
  Platform clusters.

High availability

> Red Hat OpenShift Container Platform availability zone supported
> Limitation for search component based on RedisGraph

Resource requirements

> 3 masters, 3 infrastructure nodes, 6 vCPU, and 16GB RAM


About Red Hat 


Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered 
approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red 
Hat helps customers develop cloud-native applications, integrate existing and new IT applications, and automate 
and manage complex environments. A trusted adviser to the Fortune 500, Red Hat provides award-winning support, 
training, and consulting services that bring the benefits of open innovation to any industry. Red Hat is a connective 
hub in a global network of enterprises, partners, and communities, helping organizations grow, transform, and 
prepare for the digital future.